KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > avalon > phoenix > components > classloader > DefaultPolicy


1 /*
2  * Copyright (C) The Apache Software Foundation. All rights reserved.
3  *
4  * This software is published under the terms of the Apache Software License
5  * version 1.1, a copy of which has been included with this distribution in
6  * the LICENSE.txt file.
7  */

8 package org.apache.avalon.phoenix.components.classloader;
9
10 import java.io.File JavaDoc;
11 import java.io.InputStream JavaDoc;
12 import java.lang.reflect.Constructor JavaDoc;
13 import java.net.MalformedURLException JavaDoc;
14 import java.net.URL JavaDoc;
15 import java.security.KeyStore JavaDoc;
16 import java.security.KeyStoreException JavaDoc;
17 import java.security.Permission JavaDoc;
18 import java.security.Permissions JavaDoc;
19 import java.security.UnresolvedPermission JavaDoc;
20 import java.security.cert.Certificate JavaDoc;
21 import java.util.ArrayList JavaDoc;
22 import java.util.HashMap JavaDoc;
23 import java.util.PropertyPermission JavaDoc;
24 import java.util.StringTokenizer JavaDoc;
25 import org.apache.avalon.excalibur.i18n.ResourceManager;
26 import org.apache.avalon.excalibur.i18n.Resources;
27 import org.apache.avalon.framework.configuration.Configurable;
28 import org.apache.avalon.framework.configuration.Configuration;
29 import org.apache.avalon.framework.configuration.ConfigurationException;
30 import org.apache.avalon.framework.context.DefaultContext;
31 import org.apache.avalon.phoenix.components.util.ResourceUtil;
32
33 /**
34  * Policy that extracts information from policy files.
35  *
36  * @author <a HREF="mailto:peter at apache.org">Peter Donald</a>
37  */

38 class DefaultPolicy
39     extends AbstractPolicy
40     implements Configurable
41 {
42     private static final Resources REZ =
43         ResourceManager.getPackageResources( DefaultPolicy.class );
44
45     private final File JavaDoc m_baseDirectory;
46
47     private final File JavaDoc m_workDirectory;
48
49     private DefaultContext m_context;
50
51     protected DefaultPolicy( final File JavaDoc baseDirectory,
52                              final File JavaDoc workDirectory )
53     {
54         final HashMap JavaDoc map = new HashMap JavaDoc();
55         map.putAll( System.getProperties() );
56         m_context = new DefaultContext( map );
57         m_context.put( "/", File.separator );
58         m_context.put( "app.home", baseDirectory );
59         m_workDirectory = workDirectory;
60         m_baseDirectory = baseDirectory;
61     }
62
63     public void configure( final Configuration configuration )
64         throws ConfigurationException
65     {
66         setupDefaultPermissions();
67
68         final Configuration[] keyStoreConfigurations = configuration.getChildren( "keystore" );
69         final HashMap JavaDoc keyStores = configureKeyStores( keyStoreConfigurations );
70
71         final Configuration[] grants = configuration.getChildren( "grant" );
72         if( 0 != grants.length )
73         {
74             configureGrants( grants, keyStores );
75         }
76         else
77         {
78             final String JavaDoc message =
79                 REZ.getString( "policy.notice.full-perms" );
80             getLogger().info( message );
81             final Permissions JavaDoc permissions = createPermissionSetFor( getInclusiveURL(), null );
82             permissions.add( new java.security.AllPermission JavaDoc() );
83         }
84     }
85
86     private URL JavaDoc getInclusiveURL()
87     {
88         try
89         {
90             return new URL JavaDoc( "file:/-" );
91         }
92         catch( final MalformedURLException JavaDoc mue )
93         {
94             //Never happens
95
return null;
96         }
97     }
98
99     private void setupDefaultPermissions()
100     {
101         //these properties straight out ot ${java.home}/lib/security/java.policy
102
final Permissions JavaDoc permissions = createPermissionSetFor( getInclusiveURL(), null );
103
104         permissions.add( new PropertyPermission JavaDoc( "os.name", "read" ) );
105         permissions.add( new PropertyPermission JavaDoc( "os.arch", "read" ) );
106         permissions.add( new PropertyPermission JavaDoc( "os.version", "read" ) );
107         permissions.add( new PropertyPermission JavaDoc( "file.separator", "read" ) );
108         permissions.add( new PropertyPermission JavaDoc( "path.separator", "read" ) );
109         permissions.add( new PropertyPermission JavaDoc( "line.separator", "read" ) );
110
111         permissions.add( new PropertyPermission JavaDoc( "java.version", "read" ) );
112         permissions.add( new PropertyPermission JavaDoc( "java.vendor", "read" ) );
113         permissions.add( new PropertyPermission JavaDoc( "java.vendor.url", "read" ) );
114
115         permissions.add( new PropertyPermission JavaDoc( "java.class.version", "read" ) );
116         permissions.add( new PropertyPermission JavaDoc( "java.vm.version", "read" ) );
117         permissions.add( new PropertyPermission JavaDoc( "java.vm.vendor", "read" ) );
118         permissions.add( new PropertyPermission JavaDoc( "java.vm.name", "read" ) );
119
120         permissions.add( new PropertyPermission JavaDoc( "java.specification.version", "read" ) );
121         permissions.add( new PropertyPermission JavaDoc( "java.specification.vendor", "read" ) );
122         permissions.add( new PropertyPermission JavaDoc( "java.specification.name", "read" ) );
123         permissions.add( new PropertyPermission JavaDoc( "java.vm.specification.version", "read" ) );
124         permissions.add( new PropertyPermission JavaDoc( "java.vm.specification.vendor", "read" ) );
125         permissions.add( new PropertyPermission JavaDoc( "java.vm.specification.name", "read" ) );
126     }
127
128     private HashMap JavaDoc configureKeyStores( final Configuration[] configurations )
129         throws ConfigurationException
130     {
131         final HashMap JavaDoc keyStores = new HashMap JavaDoc();
132
133         for( int i = 0; i < configurations.length; i++ )
134         {
135             final Configuration configuration = configurations[ i ];
136             final String JavaDoc type = configuration.getAttribute( "type" );
137             final String JavaDoc location = configuration.getAttribute( "location" );
138             final String JavaDoc name = configuration.getAttribute( "name" );
139
140             try
141             {
142                 final KeyStore JavaDoc keyStore = KeyStore.getInstance( type );
143                 final URL JavaDoc url = new URL JavaDoc( location );
144                 final InputStream JavaDoc ins = url.openStream();
145
146                 keyStore.load( ins, null );
147
148                 keyStores.put( name, keyStore );
149             }
150             catch( final Exception JavaDoc e )
151             {
152                 final String JavaDoc message = REZ.getString( "policy.error.keystore.config", name );
153                 throw new ConfigurationException( message, e );
154             }
155         }
156
157         return keyStores;
158     }
159
160     private void configureGrants( final Configuration[] configurations,
161                                   final HashMap JavaDoc keyStores )
162         throws ConfigurationException
163     {
164         for( int i = 0; i < configurations.length; i++ )
165         {
166             configureGrant( configurations[ i ], keyStores );
167         }
168     }
169
170     private void configureGrant( final Configuration configuration, final HashMap JavaDoc keyStores )
171         throws ConfigurationException
172     {
173         //<grant signed-by="Fred" code-base="file:${sar.home}/blocks/*" key-store="foo-keystore">
174
//<permission class="java.io.FilePermission" target="/tmp/*" action="read,write" />
175
//</grant>
176

177         final String JavaDoc signedBy = configuration.getAttribute( "signed-by", null );
178         final String JavaDoc keyStoreName = configuration.getAttribute( "key-store", null );
179
180         String JavaDoc codeBase = configuration.getAttribute( "code-base", null );
181         if( null != codeBase )
182         {
183             codeBase = expand( codeBase );
184             codeBase = ResourceUtil.expandSarURL( codeBase,
185                                                   m_baseDirectory,
186                                                   m_workDirectory );
187         }
188
189         final Certificate JavaDoc[] signers = getSigners( signedBy, keyStoreName, keyStores );
190
191         Permissions JavaDoc permissions = null;
192
193         try
194         {
195             permissions = createPermissionSetFor( codeBase, signers );
196         }
197         catch( final MalformedURLException JavaDoc mue )
198         {
199             final String JavaDoc message = REZ.getString( "policy.error.codebase.malformed", codeBase );
200             throw new ConfigurationException( message, mue );
201         }
202
203         configurePermissions( configuration.getChildren( "permission" ),
204                               permissions,
205                               keyStores );
206     }
207
208     private void configurePermissions( final Configuration[] configurations,
209                                        final Permissions JavaDoc permissions,
210                                        final HashMap JavaDoc keyStores )
211         throws ConfigurationException
212     {
213         for( int i = 0; i < configurations.length; i++ )
214         {
215             configurePermission( configurations[ i ], permissions, keyStores );
216         }
217     }
218
219     private void configurePermission( final Configuration configuration,
220                                       final Permissions JavaDoc permissions,
221                                       final HashMap JavaDoc keyStores )
222         throws ConfigurationException
223     {
224         final String JavaDoc type = configuration.getAttribute( "class" );
225         final String JavaDoc actions = configuration.getAttribute( "actions", null );
226         final String JavaDoc signedBy = configuration.getAttribute( "signed-by", null );
227         final String JavaDoc keyStoreName = configuration.getAttribute( "key-store", null );
228
229         String JavaDoc target = configuration.getAttribute( "target", null );
230         if( null != target )
231         {
232             target = expand( target );
233         }
234
235         final Certificate JavaDoc[] signers = getSigners( signedBy, keyStoreName, keyStores );
236         final Permission JavaDoc permission = createPermission( type, target, actions, signers );
237
238         permissions.add( permission );
239     }
240
241     private String JavaDoc expand( final String JavaDoc value )
242         throws ConfigurationException
243     {
244         try
245         {
246             final Object JavaDoc resolvedValue = PropertyUtil.resolveProperty( value, m_context, false );
247             return resolvedValue.toString();
248         }
249         catch( final Exception JavaDoc e )
250         {
251             final String JavaDoc message = REZ.getString( "policy.error.property.resolve", value );
252             throw new ConfigurationException( message, e );
253         }
254     }
255
256     private Permission JavaDoc createPermission( final String JavaDoc type,
257                                          final String JavaDoc target,
258                                          final String JavaDoc actions,
259                                          final Certificate JavaDoc[] signers )
260         throws ConfigurationException
261     {
262         if( null != signers )
263         {
264             return createUnresolvedPermission( type, target, actions, signers );
265         }
266
267         try
268         {
269             final Class JavaDoc c = Class.forName( type );
270
271             Class JavaDoc paramClasses[] = null;
272             Object JavaDoc params[] = null;
273
274             if( null == actions && null == target )
275             {
276                 paramClasses = new Class JavaDoc[ 0 ];
277                 params = new Object JavaDoc[ 0 ];
278             }
279             else if( null == actions )
280             {
281                 paramClasses = new Class JavaDoc[ 1 ];
282                 paramClasses[ 0 ] = String JavaDoc.class;
283                 params = new Object JavaDoc[ 1 ];
284                 params[ 0 ] = target;
285             }
286             else
287             {
288                 paramClasses = new Class JavaDoc[ 2 ];
289                 paramClasses[ 0 ] = String JavaDoc.class;
290                 paramClasses[ 1 ] = String JavaDoc.class;
291                 params = new Object JavaDoc[ 2 ];
292                 params[ 0 ] = target;
293                 params[ 1 ] = actions;
294             }
295
296             final Constructor JavaDoc constructor = c.getConstructor( paramClasses );
297             final Object JavaDoc o = constructor.newInstance( params );
298             return (Permission JavaDoc)o;
299         }
300         catch( final ClassNotFoundException JavaDoc cnfe )
301         {
302             return createUnresolvedPermission( type, target, actions, signers );
303         }
304         catch( final Exception JavaDoc e )
305         {
306             final String JavaDoc message = REZ.getString( "policy.error.permission.create", type );
307             throw new ConfigurationException( message, e );
308         }
309     }
310
311     private Permission JavaDoc createUnresolvedPermission( final String JavaDoc type,
312                                                    final String JavaDoc target,
313                                                    final String JavaDoc actions,
314                                                    final Certificate JavaDoc[] signers )
315     {
316         return new UnresolvedPermission JavaDoc( type, target, actions, signers );
317     }
318
319     private Certificate JavaDoc[] getSigners( final String JavaDoc signedBy,
320                                       String JavaDoc keyStoreName,
321                                       final HashMap JavaDoc keyStores )
322         throws ConfigurationException
323     {
324         if( null != signedBy && null == keyStoreName )
325         {
326             keyStoreName = "default";
327         }
328
329         Certificate JavaDoc[] signers = null;
330
331         if( null != signedBy )
332         {
333             signers = getCertificates( signedBy, keyStoreName, keyStores );
334         }
335
336         return signers;
337     }
338
339     private Certificate JavaDoc[] getCertificates( final String JavaDoc signedBy,
340                                            final String JavaDoc keyStoreName,
341                                            final HashMap JavaDoc keyStores )
342         throws ConfigurationException
343     {
344         final KeyStore JavaDoc keyStore = (KeyStore JavaDoc)keyStores.get( keyStoreName );
345
346         if( null == keyStore )
347         {
348             final String JavaDoc message = REZ.getString( "policy.error.keystore.aquire", keyStoreName );
349             throw new ConfigurationException( message );
350         }
351
352         final ArrayList JavaDoc certificateSet = new ArrayList JavaDoc();
353
354         final StringTokenizer JavaDoc tokenizer = new StringTokenizer JavaDoc( signedBy, "," );
355
356         while( tokenizer.hasMoreTokens() )
357         {
358             final String JavaDoc alias = ((String JavaDoc)tokenizer.nextToken()).trim();
359             Certificate JavaDoc certificate = null;
360
361             try
362             {
363                 certificate = keyStore.getCertificate( alias );
364             }
365             catch( final KeyStoreException JavaDoc kse )
366             {
367                 final String JavaDoc message = REZ.getString( "policy.error.certificate.aquire", alias );
368                 throw new ConfigurationException( message, kse );
369             }
370
371             if( null == certificate )
372             {
373                 final String JavaDoc message =
374                     REZ.getString( "policy.error.alias.missing",
375                                    alias,
376                                    keyStoreName );
377                 throw new ConfigurationException( message );
378             }
379
380             if( !certificateSet.contains( certificate ) )
381             {
382                 certificateSet.add( certificate );
383             }
384         }
385
386         return (Certificate JavaDoc[])certificateSet.toArray( new Certificate JavaDoc[ 0 ] );
387     }
388 }
389
Popular Tags